Mauricio Osorio

Members
  • Posts

    99

Kudos

  1. Upvote
    Mauricio Osorio gave kudos to JPritchard in ESET Endpoint Encryption - How to disable password encryption   
    Hello Mauricio,
    Thank you for clarifying that the user is managed by an EEES.
    I think you need to adjust the Group Policy in your EEES to prevent Users from encrypting data with passwords. This will force them to use encryption keys instead, which are backed up on the EEES itself. This avoids the situation of forgetting passwords entirely.
    Please see my attached image, as this shows the specific Group Policy setting that you need to change. After changing the setting, don't forget to post a key-file update out to the affected Users to push the new settings to their computers.

    For more information on this process, please see: KB7408 - ESET Endpoint Encryption Server group policy settings
    As for pre-existing data encrypted with passwords, it would be best to decrypt and then re-encrypt the data using a key instead.
    Please let me know if you have any further questions.
    Jay Pritchard
    Technical Support Engineer III / Encryption Support Team Lead
  2. Upvote
    Mauricio Osorio gave kudos to JPritchard in ESET Endpoint Encryption - How to disable password encryption   
    Hello Mauricio,
    Is the User's ESET Endpoint Encryption client (EEE) managed by an ESET Endpoint Encryption Server (EEES)?
    If so, the encryption keys and recovery data are available in the EEES for the Administrator to decrypt and access the computer and data if necessary.
    However, if the User has a standalone version of EEE installed, then only they know their key-file password and FDE Admin credentials. You may wish to discuss with them sharing these details, however this creates a security risk of sharing important passwords.
    If they are using a standalone version of EEE, then you may want to encourage the User to create a key-file backup and create a backup of their FDE Admin password file ('adminpassword.html'). This file will have been generated at the time they originally performed FDE on their computer. This file is most likely stored on a USB device already.
    For more details, see:
    KB7571 - Back up Key-File in ESET Endpoint Encryption
    As a side note, it is possible to 'adopt' standalone clients into an EEES, so perhaps consider upgrading/purchasing an EEES to provide the means of recovery in such cases.
    I hope this helps!
    Jay Pritchard
    Technical Support Engineer III / Encryption Support Team Lead
  3. Upvote
    Mauricio Osorio gave kudos to Marcos in New vulnerability in ESET or Maybe a fake news   
    Yes, there has been one recently fixed:
    https://support.eset.com/en/ca8223-local-privilege-escalation-vulnerability-fixed-in-eset-products-for-windows
  4. Upvote
    Mauricio Osorio gave kudos to Gonzalo Alvarez in How can I prevent a user from canceling a scan   
    Hi,
    Sure.
    Policy > actions > new > settings > user Interface > start mode > Silent > Assign target client > check > finish.
    Silent: No notifications or alerts will be displayed. Graphical user interface can only be started by the Administrator.
     
  5. Upvote
    Mauricio Osorio gave kudos to Marcos in I cannot apply an exception to a device control rule   
    Both leading and trailing spaces matter. I recollect this should change soon and they should be ignored.
    I'd recommend creating a rule on a workstation with the removable medium connected and selecting "Populate" in the Device Control rule editor. This will enable you to create a rule exactly based on the medium properties. You can then retrieve the configuration of Endpoint via the ESET PROTECT console and convert it to a policy.
  6. Upvote
    Mauricio Osorio gave kudos to kurco in EFS installation does not work   
    Hi Mauricio Osorio,
    From that attached screenshot, it looks like your machine doesn't have enough free space to successfully complete the installation with all necessary dependencies. Look at line 7 in the screenshot, "No space left on device"; it is probably an issue with one of your mount points (maybe this one, /dev/xvda3; it's 100% full).
    There is nothing much to see in exported logs. But what I can see there, are missing installation files and incorrect permissions of installed files.
    Regards,
    Peter
  7. Upvote
    Mauricio Osorio gave kudos to Peter_J in Database server connection is not working   
    Hello, the documentation is fixed (all available languages).
  8. Upvote
    Mauricio Osorio gave kudos to Marcos in Database server connection is not working   
    Thanks for the heads-up. I've reported it to the documentation team to get it fixed.
  9. Upvote
    Mauricio Osorio received kudos from MartinK in Database server connection is not working   
    Hello guys,
    I think I found the problem and it really is not technical, the problem is with the translation into Spanish from Latin America. Let me show you:
    In the Latin American user guide, you can see these instructions:

    Highlighted in yellow you can see that it indicates that for Linux MySQL version 8, the parameter log_bin_trust_function_creators = 1 must be added or modified. But it is indicated only for Linux environments. In the English manual this option is not conditioned to Linux:

    As I was working in a Windows environment, I chose not to make this modification, because the manual indicated that it should only be done in a Linux environment. Just to rule it out, I decided to make the change, and everything works correctly.
    Thank you very much for your collaboration and if you can please change the manual (Latin America Spanish) in this section as it may cause confusion.
    Regards.
  10. Upvote
    Mauricio Osorio gave kudos to Marcos in Ransomware SDEN   
    Files were encrypted by Filecoder.LockedFile. According to the logs, there were about 170,000 failed attempts to log in via RDP as "administrator" and the like in approx. one day when the encryption occurred. Also, an older version of EFSW 6.5 without Ransomware shield was installed.
    The OP was informed and improvements in protection were suggested.
  11. Upvote
    Mauricio Osorio gave kudos to MartinK in Migration Case   
    Yes, it is possible, but you have to be careful as it might result in inability of AGENT to connect even to their original ESMC.
    Roughly you have to:
      • Choose new ESMC (i.e. one of the existing ones, or install a completely new ESMC) -> I will reference it as "primary ESMC".
      • Ensure that ESMC's peer certificate (as set in server settings) contains all required hostnames (or wildcard *), so that AGENTs can connect using various hostnames/IP addresses.
      • Export the CA certificate from "primary ESMC". It has to be the CA certificate that has been used to sign the certificate used for incoming connections, set in server settings.
      • Import the CA certificate from the previous steps into all original ESMC instances.
      • Export CA certificates from all original ESMC instances and import them into "master ESMC".
      • At this moment, all connecting AGENTs should have all 6 CA certificates (5 original + 1 from new ESMC), which means that they can connect to master ESMC, as they will trust its certificate. This also works the other way around -> master ESMC will trust all original AGENT certificates, which means it will accept connections of AGENTs from all previous instances.
      • In each original ESMC instance, create a new configuration policy for "ESET Management Agent" and specify servers to connect to in such a way that a list of hostnames is used, where the first in the list is the hostname of master ESMC, and the second is the hostname of the original server. This is just to be sure that in case AGENT cannot reach the new hostname, it will still be connecting to the original ESMC. In case the hostname will be the same for all AGENTs, you can simplify the process by export/import capability.
      • Policies should be assigned to all clients. From this moment, AGENTs should start connecting to master ESMC.
      • You could optionally create a policy for "ESET Management Agent" which changes the list of servers to connect to and the AGENT peer certificate to those available in master ESMC, so all remnants of original ESMC servers are removed.